
Vishing spikes as workforces go remote: 6 vishing prevention tips anyone can follow

Introduction

With thousands of teams worldwide being asked to work remotely to help contain the spread of COVID-19, scammers have fertile ground for preying on telecommuters. One scam that workers probably weren’t warned about is vishing: a type of fraud in which adversaries use the phone and social engineering techniques to obtain confidential information from individuals, often financial information.

While less common than email phishing attacks, the scam poses a real threat. In this article, we’ll explore the concept and learn how to prevent vishing.

The different techniques of vishing

Vishing can be attempted in various ways. For example, fraudsters can have a real person on the other end of the call who is trying to scam you, or they may automate the scam with assistance from a robot. 

For companies and remote teams, scammers are more likely to put a real person on the line. The caller may warn you about suspicious or fraudulent bank transfers or claim to be calling from IT support. The aim is to gain remote access to systems or lure you into giving up sensitive information about your company.

To get an idea of how this might play out in the real world, here’s a video from GetSafeOnline.org showing audio reconstructions from actual phishing attempts.

Vishing typically relies on VoIP (Voice over Internet Protocol) technology and caller ID spoofing. Scammers “spoof” a number, making the victim’s caller ID display a trusted contact. Beyond that, they simply rely on the personal touch of a human voice and an unsuspecting target to make the attack successful. If a scammer already has access to some of the victim’s personal data (which they may have sourced from the dark web or another scam), they can easily mimic a conversation that a person would expect

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/J_bhSg1hE0g/